US9021093B2 · Active · Utility

Managing and securing manageable resources in stateless web server architecture using servlet filters

Assignee: CHANG DAVID YU
Priority: Aug 17, 2010
Filed: Aug 17, 2010
Granted: Apr 28, 2015
Est. expiry: Aug 17, 2030 (~4.1 yrs left) · nominal 20-yr term from priority
Inventors: CHANG DAVID YU; CHANG JOHN YOW-CHUN; VENKATARAMAPPA VISHWANATH
Classifications: G06F 16/958; H04L 63/10; H04L 63/083; G06F 17/3089
PatentIndex Score: 51 · Cited by: 0 · References: 30 · Claims: 14

Abstract

Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein the application program component receives and processes the user request.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-based method for controlling fine-grained security access to managed resources in a stateless web server architecture comprising:
 accessing a resource locator map by a computer containing a unique resource instance locator code representing each instance of each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; 
 associating a servlet filter for each of the application program components; 
 authorizing by a computer the servlet filter based on a unique resource locator pattern by a servlet container such that each managed resource instance is identifiable by a unique resource locator; 
 assigning by a computer different security constraints for different unique resource locator patterns in each deployment descriptor of the stateless web server architecture using a code comprising two or more security constraints specifying a unique resource instance locator pattern and a role name for the pattern; 
 responsive to receiving from a user a validly-formatted Uniform Resource Locator request to access a unique resource instance, extracting a request pattern including at least a password value from a valid relative path portion of the validly-formatted Uniform Resource Locator request; 
 mapping by a computer the extracted pattern to one or more of the application program components using an associated servlet filter; 
 responsive to the mapping, performing by a computer fine-grained instance level security access to the application program component according to the assigned security constraints, wherein at least one security constraint comprises the extracted password associated with the role name; and 
 responsive to successful security access, sending by a computer the user Uniform Resource Locator request to the mapped application program component, wherein the application program component receives and processes the user request; 
 thereby providing different security access conditions to different instances of the same managed resource, and providing password authentication according to the pattern extracted from the relative path portion of the Uniform Resource Locator request. 
 
     
     
       2. The computer-based method as set forth in claim 1 wherein the matched servlet filters are arranged in a chain to send user requests to related components.
     
     
       3. The computer-based method as set forth in claim 1 wherein different attributes are represented by respective resource locators within the matching pattern.
     
     
       4. The computer-based method as set forth in claim 1 wherein security constraints for each resource identified by a matching pattern are stored in a web deployment descriptor disposed in computer storage memory.
     
     
       5. The computer-based method as set forth in claim 1 wherein security constraints for each resource attribute also identified by resource locator matching pattern are stored in a web deployment descriptor disposed in computer storage memory.
     
     
       6. A computer-readable storage memory for controlling access to managed resources in a stateless web server architecture comprising;
 a tangible, computer readable storage memory device suitable for storing program instructions for a processor; 
 first program instructions for accessing a resource instance locator map containing a unique resource instance locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; 
 second program instructions associating a servlet filter for each of the application program components; 
 third program instructions for authorizing the servlet filter based on a unique resource instance locator pattern by a servlet container such that each managed resource instance is identifiable by a Uniform Resource Locator; 
 fourth program instructions for assigning different security constraints for different unique resource instance locator patterns in each deployment descriptor of the stateless web server architecture using a code comprising two or more security constraints specifying a unique resource instance locator pattern and a role name for the pattern; 
 fifth program instructions for, responsive to receiving from a user a validly-formatted Uniform Resource Locator request to a unique resource, extracting a request pattern including at least a password value from a valid relative path portion of the validly-formatted Uniform Resource Locator request, and mapping the extracted pattern to one or more of the application program components using an associated servlet filter; 
 sixth program instructions for, responsive to the mapping, performing by a computer fine-grained instance level security access to the application program component according to the assigned security constraints, wherein at least one security constraint comprises the extracted password associated with the role name; and 
 seventh program instructions for, responsive to successful security access, sending the user Uniform Resource Locator request to the matched application program component, wherein the application program component receives and processes the user request; 
 wherein the first, second, third, fourth, fifth, sixth and seventh program instructions are stored by the tangible, computer-readable storage memory device; 
 thereby providing different security access conditions to different instances of the same managed resource, and providing password authentication according to the pattern extracted from the relative path portion of the Uniform Resource Locator request. 
 
     
     
       7. The computer-readable storage memory as set forth in claim 6 wherein the matched servlet filters are configured to execute in a chain to send user requests to related components.
     
     
       8. The computer-readable storage memory as set forth in claim 6 wherein different attributes are represented by respective resource locators within the matching pattern.
     
     
       9. The computer-readable storage memory as set forth in claim 6 wherein security constraints for each resource identified by a matching pattern are stored in a web deployment descriptor disposed in computer storage memory.
     
     
       10. The computer-readable storage memory as set forth in claim 6 wherein security constraints for each resource attribute also identified by resource locator matching pattern are stored in a web deployment descriptor disposed in computer storage memory.
     
     
       11. A computer-based system for controlling access to managed resources in a stateless web server architecture comprising;
 a stateless web server computing platform having a hardware computer processor or electronic circuit for performing a logical process; 
 a resource locator map portion of the stateless web server computing platform for providing a unique resource instance locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; 
 a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; 
 a servlet authorizer portion of the stateless web server computing platform for authorizing the servlet filters based on unique resource locator patterns by servlet containers such that each managed resource instance is identifiable by a unique resource instance locator; 
 a security constraint assigner portion of the stateless web server computing platform for assigning different security constraints for different unique resource instance locator patterns in each deployment descriptor of the stateless web server architecture using a code comprising two or more security constraints specifying a unique resource locator pattern and a role name for the pattern; 
 a resource locator extractor and mapper portion of the stateless web server computing platform for, responsive to receiving from a user a validly-formatted Uniform Resource Locator request to access a unique resource instance, extracting a request pattern including at least a password value from a valid relative path portion of the validly-formatted Uniform Resource Locator request, and for mapping the extracted pattern to one or more of the application program components using a corresponding servlet filter; and 
 a request authorizer portion of the stateless web server computing platform for, responsive to the mapping, performing by a computer fine-grained instance level security access to the application program component according to the assigned security constraints, wherein at least one security constraint comprises the extracted password associated with the role name; and 
 a request dispatcher portion of the stateless web server computing platform for, responsive to successful security access, sending the user Uniform Request Locator request to the matched application program component, wherein the application program component receives and processes the user request; 
 
       thereby providing different security access conditions to different instances of the same managed resource, and providing a password authentication according to the pattern extracted from the relative path portion of the Uniform Resource Locator request. 
     
     
       12. The system as set forth in claim 11 wherein the matched servlet filters are arranged in a chain to send user requests to related components.
     
     
       13. The system as set forth in claim 11 wherein different attributes are represented by respective resource locators within the matching pattern.
     
     
       14. The system as set forth in claim 11 wherein security constraints for each resource attribute also identified by resource locator matching pattern are stored in a web deployment descriptor disposed in computer storage memory.
